Online documentation - Websydian v6.5 |
The CheckPasswordAndUpdateTables function first identifies the user from the SessionID received as parameter. The function then validates if the user is active and if the entered password equals the password stored in the database.
If the validation fails, *Returning status is set to *Error and an error code is returned in the UserErrorMessage field. If the passwords do not match, the FailedLogins field on the user record is incremented with one. If the password validation has failed three times, the UserStatus field is set to TooManyFailedLogins.
If the validation succeeds, the User record is updated with the LastLogin field set to the current time and the FailedLogins set to zero. Also the Session record is updated now referencing to the validated user.
It is important to note that the password validation/comparison is case-sensitive.